
Privacy Policy
This privacy policy explains how I collect, use, store, and protect your personal data when you work with me for hypnotherapy or coaching services.
Why I Collect Your Data
I collect and process personal data to:
- Provide safe, ethical, and effective hypnotherapy or coaching services
- Communicate with you about appointments and relevant resources
- Comply with legal, ethical, and regulatory obligations
- Maintain appropriate records of our work together
What Data I Collect
Depending on the nature of our work, I may collect:
- Contact information: Name, email address, phone number
- Health information: Relevant medical history or psychological wellbeing (for hypnotherapy)
- Session records: Brief notes to support your progress
- Payment details: Where required for invoicing or payment processing
- Email communications: Including any forms or intake materials you complete.
All data is collected with your consent and used only in ways directly relevant to the services I provide.
Lawful Basis for Processing
Under UK GDPR, I rely on the following lawful bases:
- Consent: You have given clear consent for me to process your data for a specific purpose.
- Contractual obligation: Processing is necessary for the contract between us.
- Legal obligation: I may be required to keep certain records to comply with tax or regulatory responsibilities.
- Legitimate interests: Processing is necessary to provide a professional service, where your rights are not overridden.
How Your Data Is Stored
- Your data is stored securely, either digitally on password-protected devices or in locked files.
- I do not share your personal data with third parties unless legally required or with your explicit consent (e.g. in a referral).
- I use secure systems for email, session records, and scheduling. If we work online, sessions are conducted over encrypted platforms (e.g. Zoom).
How Long I Keep Your Data
- Client records are kept for 7 years after our final session, in accordance with insurance and professional guidelines.
- After that time, your data is securely deleted or destroyed.
- You have the right to request that I delete your data earlier, where appropriate and legally permissible.
Your Rights Under UK GDPR
You have the right to:
- Access the personal data I hold about you.
- Rectify incorrect or incomplete data.
- Request erasure (“the right to be forgotten”) under certain conditions.
- Restrict processing of your data.
- Object to certain types of data processing.
- Withdraw consent at any time, where consent was the legal basis.
- Complain to the Information Commissioner’s Office (ICO) if you believe your data is being misused.
For more information, or to exercise your rights, contact me using the details below.
Confidentiality and Ethics
Everything you share with me is confidential and handled in accordance with:
- The GHR Code of Ethics (for hypnotherapy).
- The ICF Code of Ethics (for coaching).
- UK GDPR and the Data Protection Act 2018.
Confidentiality may be broken only if I believe you or someone else is at serious risk of harm, or if required by law. Wherever possible, I will discuss this with you first.
Updates to this Policy
This privacy policy may be updated periodically. You will be informed of significant changes.
By engaging in hypnotherapy or coaching with me, you acknowledge that you have read and understood this privacy policy.
Harriet Graham
Email: harriet@harrietgrahamcoaching.com
Phone: +44 (0)7866 456059
Effective from January 2025